
python3+ldap3 连接控制windows域控(三)

1、查看所属ou目录下所有user,CN和DN

from ldap3 import Server, Connection, ALL, NTLM

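import getpass
import os

# Domain controller address and the account used to bind.
host_ip = '192.168.32.130'
admin_user = 'abcd\\administrator'
# Create the server object (LDAPS on port 636).
# NOTE: use_ssl=True encrypts the session, but ldap3's default Tls settings
# do not validate the server certificate (validate=ssl.CERT_NONE). Outside a
# lab, pass tls=Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=...) so the
# bind credentials cannot be captured by a man-in-the-middle.
server = Server(host=host_ip, get_info=ALL, use_ssl=True, port=636)
# Do not keep the bind password in the source file: read it from the
# environment (variable name chosen for this example) or prompt without echo.
admin_password = os.environ.get('LDAP_BIND_PASSWORD') or getpass.getpass('请输入管理员密码: ')
# A read-only listing like this normally does not need a domain
# administrator; prefer a dedicated low-privilege account that can read the OU.
conn = Connection(server, user=admin_user, password=admin_password, authentication=NTLM)
# bind() returns False on failure instead of raising, so check it before
# running any query.
if not conn.bind():
    raise SystemExit(f'绑定失败: {conn.result}')
try:
    # Search scope: the OU whose users are listed.
    search_base = 'ou=test,dc=abcd,dc=com'
    # Match user objects.
    search_filter = '(objectClass=user)'
    # Request only the attributes that are printed: cn and the DN.
    search_attributes = ['cn', 'distinguishedName']
    # Run the search. Active Directory caps a single search at 1000 entries
    # by default; for larger OUs use conn.extend.standard.paged_search.
    conn.search(search_base, search_filter, attributes=search_attributes)
    # The results are stored in conn.entries; iterate to print each user.
    for entry in conn.entries:
        dis_name = entry.distinguishedName
        user_cn = entry.cn
        print(f'dis_name: {dis_name}, user_cn: {user_cn}')
finally:
    # Always close the connection, even if the search raised.
    conn.unbind()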

python3+ldap3 连接控制windows域控(三)_bc

2、查看所属ou目录下所有组,组名和所属成员

from ldap3 import Server, Connection, ALL, NTLM

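import getpass
import os

# Domain controller address and the account used to bind.
host_ip = '192.168.32.130'
admin_user = 'abcd\\administrator'
# Create the server object (LDAPS on port 636).
# NOTE: use_ssl=True encrypts the session, but ldap3's default Tls settings
# do not validate the server certificate (validate=ssl.CERT_NONE). Outside a
# lab, pass tls=Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=...) so the
# bind credentials cannot be captured by a man-in-the-middle.
server = Server(host=host_ip, get_info=ALL, use_ssl=True, port=636)
# Do not keep the bind password in the source file: read it from the
# environment (variable name chosen for this example) or prompt without echo.
admin_password = os.environ.get('LDAP_BIND_PASSWORD') or getpass.getpass('请输入管理员密码: ')
# Enumerating groups normally does not need a domain administrator; prefer a
# dedicated low-privilege account that can read the OU.
conn = Connection(server, user=admin_user, password=admin_password, authentication=NTLM)
# bind() returns False on failure instead of raising, so check it before
# running any query.
if not conn.bind():
    raise SystemExit(f'绑定失败: {conn.result}')
try:
    # Search scope: the OU whose groups are listed.
    search_base = 'ou=test,dc=abcd,dc=com'
    # Match group objects.
    search_filter = '(objectCategory=group)'
    # Attributes to fetch: group name, members and DN.
    attrs = ['cn', 'member', 'distinguishedName']
    # Run the search. Active Directory caps a single search at 1000 entries
    # by default; for larger OUs use conn.extend.standard.paged_search.
    conn.search(search_base, search_filter, attributes=attrs)
    # The results are stored in conn.entries; iterate to print each group.
    # cn is the group name and member holds the member DNs (the original
    # labels were swapped).
    for entry in conn.entries:
        print(f'组名: {entry.cn}, 成员: {entry.member},显示DN:{entry.distinguishedName}')
finally:
    # Always close the connection, even if the search raised.
    conn.unbind()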

python3+ldap3 连接控制windows域控(三)_Server_02

3、输出组内所有用户,统计所有用户数量

from ldap3 import Server, Connection, ALL, NTLM

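import getpass
import os

# Domain controller address and the account used to bind.
host_ip = '192.168.32.130'
admin_user = 'abcd\\administrator'
# Create the server object (LDAPS on port 636).
# NOTE: use_ssl=True encrypts the session, but ldap3's default Tls settings
# do not validate the server certificate (validate=ssl.CERT_NONE). Outside a
# lab, pass tls=Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=...) so the
# bind credentials cannot be captured by a man-in-the-middle.
server = Server(host=host_ip, get_info=ALL, use_ssl=True, port=636)
# Do not keep the bind password in the source file: read it from the
# environment (variable name chosen for this example) or prompt without echo.
admin_password = os.environ.get('LDAP_BIND_PASSWORD') or getpass.getpass('请输入管理员密码: ')
# Reading group membership normally does not need a domain administrator;
# prefer a dedicated low-privilege account that can read the OU.
conn = Connection(server, user=admin_user, password=admin_password, authentication=NTLM)
# bind() returns False on failure instead of raising, so check it before
# running any query.
if not conn.bind():
    raise SystemExit(f'绑定失败: {conn.result}')
try:
    # DN of the group whose members are listed.
    search_base = 'CN=ALL,OU=test,DC=abcd,DC=com'
    # Match the object at that DN.
    search_filter = '(objectClass=*)'
    # Request only the attributes that are used instead of '*', so the
    # script does not pull every readable attribute of each account.
    group_attributes = ['member']
    user_attributes = ['displayName']
    # Look up the group; stop with a clear message if it was not found
    # rather than failing with an IndexError on conn.entries[0].
    if not conn.search(search_base, search_filter, attributes=group_attributes) or not conn.entries:
        raise SystemExit(f'未找到组: {search_base}')
    # Member DNs of the group; an empty list when the group has no members.
    # NOTE: Active Directory returns at most 1500 values of a multi-valued
    # attribute per request by default, so very large groups need range
    # retrieval to be counted completely.
    members = conn.entries[0].entry_attributes_as_dict.get('member', [])
    # Resolve and print every member.
    for user_dn in members:
        conn.search(user_dn, search_filter, attributes=user_attributes)
        if not conn.entries:
            # The member DN could not be read (deleted or no permission).
            print("显示名字:", '', '\t', "显示DN:", user_dn)
            continue
        print("显示名字:", conn.entries[0].displayName, '\t', "显示DN:", conn.entries[0].entry_dn)
    # Number of members in the group.
    print("统计人数:", len(members))
finally:
    # Always close the connection, even if a search raised.
    conn.unbind()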

python3+ldap3 连接控制windows域控(三)_用户信息_03

4、修改指定用户密码

from ldap3 import Server, Connection, ALL, NTLM

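import getpass
import os

# Domain controller address and the account used to bind.
host_ip = '192.168.32.130'
admin_user = 'abcd\\administrator'
# Create the server object (LDAPS on port 636).
# NOTE: use_ssl=True encrypts the session, but ldap3's default Tls settings
# do not validate the server certificate (validate=ssl.CERT_NONE). Outside a
# lab, pass tls=Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=...) so neither
# the bind credentials nor the new password can be captured in transit.
server = Server(host=host_ip, get_info=ALL, use_ssl=True, port=636)
# Do not keep the bind password in the source file: read it from the
# environment (variable name chosen for this example) or prompt without echo.
admin_password = os.environ.get('LDAP_BIND_PASSWORD') or getpass.getpass('请输入管理员密码: ')
# Resetting a password only needs the "reset password" right on the target
# account; delegate that right to a dedicated account instead of binding as
# a domain administrator where possible.
conn = Connection(server, user=admin_user, password=admin_password, authentication=NTLM)
# bind() returns False on failure instead of raising, so check it before
# attempting the change.
if not conn.bind():
    raise SystemExit(f'绑定失败: {conn.result}')
try:
    # DN of the user whose password is reset.
    user_dn = "CN=t1,OU=test,DC=abcd,DC=com"
    # Prompt for the new password instead of hard-coding a guessable value.
    new_password = getpass.getpass('请输入新密码: ')
    # Without an old password this is an administrative reset; Active
    # Directory only accepts it over an encrypted connection, hence LDAPS.
    # Resets are recorded on the domain controller (Security event 4724
    # when account-management auditing is enabled), which is worth
    # monitoring for unexpected use of this capability.
    conn.extend.microsoft.modify_password(user_dn, new_password)
    # Report the outcome from the server's result.
    if conn.result['description'] == 'success':
        print("成功")
    else:
        # Include the server's reason (for example a password-policy refusal).
        print("失败", conn.result['description'])
finally:
    # Always close the connection, even if the change raised.
    conn.unbind()


# The new password can be verified by signing in at https://localhost/RDWeb/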

python3+ldap3 连接控制windows域控(三)_Server_04
